From: Kirk McKusick
Date: Fri, 21 Feb 2003 15:35:06 -0800
To: Terry Lambert
Cc: Yevgeniy Aleynikov, Matt Dillon, Ian Dowse, peter@FreeBSD.ORG, ache@FreeBSD.ORG, Ken Pizzini, hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG, nectar@FreeBSD.ORG, jedgar@FreeBSD.ORG, rwatson@FreeBSD.ORG, imp@FreeBSD.ORG, security-team@FreeBSD.ORG, wes@FreeBSD.ORG, guido@FreeBSD.ORG
Subject: Re: bleh. Re: ufs_rename panic
Message-Id: <200302212335.h1LNZ6FL060404@beastie.mckusick.com>
In-Reply-To: Your message of "Fri, 21 Feb 2003 15:26:01 PST." <3E56B589.2E15F3C3@mindspring.com>

Date: Fri, 21 Feb 2003 15:26:01 -0800
From: Terry Lambert
To: Yevgeniy Aleynikov
CC: Kirk McKusick, Matt Dillon, Ian Dowse, peter@FreeBSD.ORG, ache@FreeBSD.ORG, Ken Pizzini, hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG, nectar@FreeBSD.ORG, jedgar@FreeBSD.ORG, rwatson@FreeBSD.ORG, imp@FreeBSD.ORG, security-team@FreeBSD.ORG, wes@FreeBSD.ORG, guido@FreeBSD.ORG
Subject: Re: bleh. Re: ufs_rename panic

Yevgeniy Aleynikov wrote:
> As pointed out by Ken - we do have a lot of file renames (qmail).
> But 2-nd solution, directory-only rename serialization, probably
> won't affect performance as much.
>
> But I believe it's not only us who's gonna have problem when exploit
> code will be known by everybody sooner or later....

Dan's non-atomicity assumption on renames is incorrect. Even if it
were correct, it's possible to recover fully following a failure,
because metadata updates are ordered (there is a real synchronization
between dependent operations).

I think that a workaround would be to comment the directory fsync()
code out of qmail, which apparently thinks it's running on extfs or
an async mounted FFS.

-- Terry

You cannot get rid of the fsync calls in qmail. You have to distinguish
between a filesystem that is recoverable and one which loses data.
When receiving an incoming message, SMTP requires that the receiver
have the message in stable store before acknowledging receipt. The
only way to know that it is in stable store is to fsync it before
responding.

Kirk McKusick
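The store-then-acknowledge ordering discussed in this thread, as an added example that is not part of any message above and is not qmail's code: the message file is fsync()ed, renamed into place, and the containing directory is fsync()ed before success is reported. The function names, the scratch directory, the sample message and the use of SMTP reply codes 250/451 in main() are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* exposes fsync() and mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 only once the message data AND its directory
 * entry are on stable store; only then may the caller acknowledge receipt. */
int store_durably(const char *dir, const char *name, const char *msg) {
    char tmp[512], fin[512];
    size_t len = strlen(msg), off = 0;
    snprintf(tmp, sizeof tmp, "%s/.tmp.%s", dir, name);
    snprintf(fin, sizeof fin, "%s/%s", dir, name);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    while (off < len) {                      /* handle short writes */
        ssize_t n = write(fd, msg + off, len - off);
        if (n <= 0) break;
        off += (size_t)n;
    }
    int bad = off != len || fsync(fd) != 0;  /* data must reach the disk */
    if (close(fd) != 0 || bad) { unlink(tmp); return -1; }
    if (rename(tmp, fin) != 0) { unlink(tmp); return -1; }
    int dfd = open(dir, O_RDONLY);           /* the new name lives in the directory */
    if (dfd < 0) return -1;
    int rc = fsync(dfd);                     /* make the rename durable too */
    close(dfd);
    return rc == 0 ? 0 : -1;
}

/* Constructed demo: store a sample message in a scratch directory, read it back. */
int demo(void) {
    char dir[] = "/tmp/durable.XXXXXX", path[512], buf[64] = {0};
    const char *msg = "Subject: constructed sample\n\nbody\n";
    if (mkdtemp(dir) == NULL) return -1;
    if (store_durably(dir, "msg1", msg) != 0) return -1;
    snprintf(path, sizeof path, "%s/msg1", dir);
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    unlink(path);
    rmdir(dir);
    return (n == strlen(msg) && strcmp(buf, msg) == 0) ? 0 : -1;
}

int main(void) { puts(demo() == 0 ? "250 ok" : "451 try again later"); return 0; }
```

Any failure before the final fsync() returns -1, so the receiver reports a temporary error and the sender keeps its copy.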